Tuesday, September 30, 2008

Good post from Jeff Atwood about cross-site request forgery (CSRF) attacks. One thing that comes to mind is that this is an example of the best kind of security exploit - one where the exploit depends on the target system doing the right thing. A Web server is meant to respond to URL requests, and determine its response according to the browser credentials and any arguments passed in with the URL.

A CSRF attack essentially consists of arranging things so that users cause this to happen without being aware of it; for example, placing an object on some other Web site that carries a link to the target URL, or a button that causes an HTTP POST to a target URL as well as whatever it's meant to do. As a refinement, you could so arrange things that the request was passed through something you control, so you can snarf the credentials and perhaps also the reply.

Rough; but it's precisely the fact that you can do this sort of thing that lets you do all sorts of Web-application magic. What happens when you call a third-party API (or even just an image hosted somewhere else) from within the browser? That's right, the user loads your Web page and incidentally loads the third-party service's URL with their browser credentials. This is how the del.icio.us feed in my sidebar (on TYR 2.0) gets there. Oh noes, no YouTube or embedded GMaps, or a whole lot of other useful stuff.
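The point above is that a server which authorises on browser credentials alone cannot tell a request the user meant to send from one another site caused. The sketch below is an added example, not code from this post or from Jeff Atwood's: it contrasts a cookie-only handler with one that also requires a per-session token on state-changing requests, while cross-site GET embeds keep working. All names (`SESSIONS`, `SITE_ORIGIN`, the handler functions) and the request dictionaries are constructed for illustration.

```python
import hashlib
import hmac
import secrets

SERVER_KEY = secrets.token_bytes(32)      # per-deployment secret (constructed)
SITE_ORIGIN = "https://app.example"       # hypothetical origin of the real site
SESSIONS = {"sess-abc123": "alice"}       # constructed store: cookie value -> user
SAFE_METHODS = {"GET", "HEAD", "OPTIONS"}


def issue_csrf_token(session_id: str) -> str:
    """Token the site puts in its own forms, bound to the session by an HMAC."""
    return hmac.new(SERVER_KEY, session_id.encode(), hashlib.sha256).hexdigest()


def handle_cookie_only(request: dict) -> str:
    """'Before' handler: the cookie is the only thing it checks."""
    user = SESSIONS.get(request["cookies"].get("session"))
    if user is None:
        return "401 not logged in"
    if request["method"] == "POST":
        return f"200 changed state for {user}"
    return f"200 page for {user}"


def handle_with_token(request: dict) -> str:
    """Hardened handler: state changes also need the session-bound token."""
    session_id = request["cookies"].get("session")
    user = SESSIONS.get(session_id)
    if user is None:
        return "401 not logged in"
    if request["method"] in SAFE_METHODS:
        # Embeds, feeds and images from other pages still load as before.
        return f"200 page for {user}"
    # Defence in depth: a browser-supplied Origin from elsewhere is refused.
    origin = request["headers"].get("Origin")
    if origin is not None and origin != SITE_ORIGIN:
        return "403 cross-origin state change refused"
    # The token lives in the site's own page, so another site cannot read it
    # and therefore cannot include it in a request it triggers.
    supplied = request["form"].get("csrf_token", "")
    expected = issue_csrf_token(session_id)
    if not hmac.compare_digest(supplied.encode(), expected.encode()):
        return "403 missing or wrong CSRF token"
    return f"200 changed state for {user}"


# Constructed sample requests. The browser attaches the cookie in every case.
LEGIT_POST = {
    "method": "POST",
    "cookies": {"session": "sess-abc123"},
    "headers": {"Origin": SITE_ORIGIN},
    "form": {"csrf_token": issue_csrf_token("sess-abc123"), "note": "hello"},
}
CROSS_SITE_POST = {
    "method": "POST",
    "cookies": {"session": "sess-abc123"},
    "headers": {"Origin": "https://other.example"},
    "form": {"note": "hello"},
}
CROSS_SITE_EMBED = {
    "method": "GET",
    "cookies": {"session": "sess-abc123"},
    "headers": {},
    "form": {},
}

if __name__ == "__main__":
    for name, req in [("legit POST", LEGIT_POST),
                      ("cross-site POST", CROSS_SITE_POST),
                      ("cross-site embed", CROSS_SITE_EMBED)]:
        print(f"{name:17} cookie-only: {handle_cookie_only(req):28} "
              f"with token: {handle_with_token(req)}")
```

The cookie-only handler gives the same answer to the site's own form and to the cross-site POST, which is the "server doing the right thing" problem; the token makes the two distinguishable without breaking embeds.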

Oh well, enough of that. Does anyone know of a Firefox extension or similar that lets me submit comments I leave on other people's blogs to a service like del.icio.us? I specifically don't want a blogging tool, I just want to keep the comment URL, the URL of the related post if separate (i.e. haloscan style), and the text of the comment, and perhaps some tags.

What have we here? Via Spencer Ackerman: David Wurmser, trying to sketch the wiring in his head on a really big piece of paper.

The spider chart was meant "to create a strategic picture, and that strategic picture is the foundation of policy change," Wurmser said. "It helped you visualize, because if you saw, say, twenty relationships between X and Y, and twenty between Y and Z, then there's at least a suspicion that Z and X are interacting through Y." A map like that could bring insight, but there were perils in surmising too much.

Suppose X and Y were Dick Cheney and Colin Powell. Twice they served in senior posts under presidents named Bush. In the early 1990s, they worked at the same address and were spotted together on international flights. They communicated frequently, encrypting their secrets....

The problem with this sort of semi-random links-and-ties analysis is twofold - not only is your brain predisposed by millions of years of evolution to impose patterns on raw data, which means you're bound to find a pattern if you look for it, but the spurious ones we inevitably perceive come from somewhere. Specifically, they come from our preconceptions, prejudices, and perhaps most of all, from the ones we don't want to admit to. Just as you'd only dump the whole logs from a computer program to trace a bug, you don't free-associate in order to make plans.

So as well as generating lots of time-sucking, budgetivorous false positives, this kind of thinking actually tends to make us behave even more stupidly, because it strengthens all the least rational forces within us.

I really mean this, by the way, and I'd love to hear from anyone who has comments about its potential implementation.

Monday, September 29, 2008

Oh bloody fuck. He's at it again. George Osborne is in his white coat, on the stage, flogging his snake oil. All he needs now is a gospel choir. I think we've pointed this out before, but here goes. The Bank of England was nationalised in 1946. It's part of the State. The money in it is as much public money as the money in the Treasury. It is fundamentally dishonest to pretend that you can take the assets of a failing bank onto the Bank's balance sheet without any cost to the Government budget.

And George Osborne thought the Bank's balance sheet was composed of public money back in the autumn of 2007. We were told that the loans to Northern Rock were regrettably unavoidable but also a terrible risk taken with our money. Here he is at ToryKennel:

"The question we now ask of the Chancellor is simple: has he been honest with taxpayers about the risks that they face, and has he told the whole truth? ...[snip]

The Chancellor will not tell us the size of the facility, when he expects it to be repaid or the terms of the repayment, even though much of that information is an open secret in the City. Indeed, the Governor of the Bank of England wants to publish the letter that he sent to the Chancellor to set out those terms.

Suddenly, after nationalisation, this statement became inoperative. The Bank of England had become a kind of charitable institution, nothing whatsoever to do with the Government, devoted to acting as a hospice for dying banks. Strangely, its Governor appeared unaware of this change.

Of course, this is a teachable moment about the Tories and the voluntary sector. As Boris Watch wisely points out, they are obsessed by the idea that Britain is full of charities who all have inexhaustible resources of their own, topped up regularly by squadrons of flying ponies. Poor old Gideon; what a nasty surprise to learn that the Bank is a public sector agency staffed by Daniel Davies' past colleagues and notably deficient in ponies.

Further, does the Bank even have the capital to digest a whole failed bank on its own hook, without having to turn to the Treasury, or print money? Well, we could always look at the sodding books, couldn't we? Bringing the Bradford & Bingley's mortgage book (about £41bn) onto the Bank's balance sheet would imply a Bank with one-and-a-half times the current level of assets, but no more capital than it presently has. Its current net worth is only about £2bn. Now, B&B's liabilities were about £51bn, of which £22bn was made up of deposits, which have been taken over by Banco Santander; so for the rest, assets exceeded liabilities by some £12bn. However, for public sector accounting purposes, net debt/credit is defined as liabilities less liquid assets, and the whole point is that the mortgages are far from liquid. To put it simply, the Bank of England would have had a negative net worth several times as great as its existing capitalisation.

We would have successfully replaced an actually quite well capitalised bank with a desperately undercapitalised central bank. This isn't that big a problem; central banks are weird financial institutions anyway. But the vast bulk of the Bank's assets are loans to other banks, as you'd expect, and the last thing we want it to do under current circumstances is to stop lending to other banks.

Now, the whole point of this crazy exercise is to save the Treasury's books. But it's literally insane - and inane - to behave as if the taxpayer was on the hook for some sort of huge debt. The problem isn't on the liability side of the banks' balance sheets; it's on the asset side. Now, how bad do you think the problem is? Shall we assume that the housing market will go down 50% from the peak, a crash of epic proportions? Well, that would still leave the Treasury sitting on £20.5bn worth of assets (or about equal to the Bank of England's assets), with no hurry to liquidate them. And the Treasury has essentially got it for nothing. It's also fundamentally dishonest to pretend that literally every mortgage at the B&B is worthless.

However, Osborne insists on arguing that the total numbers involved are incredibly high, and also that the Bank of England's puny capital base is sufficient to handle them without cost to the general Government budget.

Vince Cable, the Liberal Democrat Treasury spokesman, said that ideally a private buyer would have been found for B&B, but he recognised that part-nationalisation was the "only other way forward". Mr Cable said the deal could even benefit taxpayers. "They have got a lot of bad loans, they have got the buy-to-let mortgages, they have got the self-certified mortgage arrangements," he said.

"But it may be that in the long-term, having acquired this for virtually nothing, the Government will be able to sell it and perhaps either cover itself or probably even make a profit." Mr Cable contrasted the situation with that in the US, "where the taxpayer is actually paying to buy up bad loans." He said: "here the Government is effectively getting them free, and depending on the competence with which they are managed, it may prove to be a relatively successful deal for the taxpayer."

Not so Osborne. From the same article:

George Osborne, the shadow chancellor, said: "I don't think the taxpayer should pick up the bill that really should be borne by the City.

"What is really being saved here are not the depositors or the jobs - it is the large institutions that lent lots of money to Bradford & Bingley and made money out of that when times were good, and now that times have turned down, are asking every single person in the country to pay more in their taxes to bail out this bank. "Under nationalisation, the taxpayer steps in and says 'We are going to give you your money back'. I'm not sure that's fair."

The bill *has* been borne by the City; the shares have gone to zero, the bank has been broken up. In fact, the "large institutions" lose out badly, if by that he means the major clearing banks; they ended up stuck with most of the £400m in new shares issued a couple of months ago, which are now worthless.

Here's a little extra for you (hey, I had a Halifax savings account when I was a little boy and they had branches in Dales villages); Osborne, and the entire Tory party, were very horrified by the bill for the nationalisation of Northern Rock because they claimed it contained provisions for the takeover of more banks, and only an evil socialist plot might explain this, as this would never be needed again. Clearly, when Gideon says they're all being alarmist, it's time to go short.

Update: The numbers in an earlier version of this post were based on B&B plus NR assets and liabilities, which was far from clear in the text. I've recast it to take account only of B&B. You can, of course, add the NR numbers...

Sunday, September 28, 2008

I'm relatively laying off US presidential politics this year, unlike in 2004 (and aren't you glad?), but this sticks out: John McCain gambling serious money, and apparently considering casino execs his "friends". Long before the point that he gambles with them and apparently wins, which is bad enough, you've got to wonder, haven't you? They're not your friends...

Just to note that one issue of the Sun this week managed to rehash the much debunked pirates will knifecrime our asylums!!! story, yet again. It's still drivel, of course; after all, here are those excitingly amoral Frenchmen, about to wire their pirates up to the ship's power bus....or not. The latest lot are heading for France and their trial, like the others.

OK, someone's left an armed UAV in the changing rooms. Is it you, Harrowell? No? Speak up? America? Turkey? Italy? Well, it would be interesting to ask somebody how many Predators the RAF possesses at the moment, compared to a few weeks ago.

Pakistan, Afghanistan, nuclear proliferation and trans-national Islamic terrorism are now fully enmeshed. They are one and the same, and a failed state, Pakistan, is the linchpin to them all.

No. Not you either, John. Pakistan isn't a failed state in any reasonable sense of the term; it's misgoverned, frequently with the assistance of the Western alliance in various forms, it has problems, but its systems function, its economy has been doing well, it is well able to defend its borders and it is making this very clear - 7.62mm clear.

PPB says that it was getting there just before Musharraf's coup and it's only offensive to say so if you're Nawaz Sharif. But that's not the point; the problem is that the US is horribly likely to behave in Pakistan as in Somalia if the failed-state meme takes hold. And nothing makes states fail like the perception of state failure - it's very like a bank in that sense. Nobody can afford this in a country with (as everyone, hackneyedly, clichedly says) nuclear weapons, with the Indian and Chinese dimensions, with the coast on the tanker routes, and the MSR to Afghanistan.

Of course, it's a crappy cliche to assume that the Pakistani military elite doesn't keep the nukes very close. But cliche seems to drive policy here. Pakistan doesn't need gap shrinkers, assault ships, setting up the precinct or any other Thomas Barnett bollocks. What it needs is respect, and specifically respect for civilian government.

But don't imagine that there won't be people who want to burn shit down. For example; I don't believe this, even though Sean Taylor's Not a Good Day to Die was good. Note the total lack of direct evidence. Gordon Brown was apparently in Washington over the last couple of days, so he had the opportunity to take my advice; but then, as a comment says, you want to talk to America, but what phone number do you call?

This is sick, but perversely reassuring. With the great miscarriages of justice of the 70s, the first phase was that the judge, the cops, the Home Office, and all right-thinking people agreed, and nobody took seriously that the victims might be innocent. This lasted a long, long time; but then we passed into the second phase, when the cops and the government spin doctors concentrated on bullying those of the victims who had been released, and those people who dared to say they were innocent. It was an important stage in the evolution of resistance; dissent was suddenly worth punishing.

Not that this helped very much, and it won't help Jim Bates much. But the sheer stupid desperation here is telling. They arrested him for possessing the hard disk they'd given him to examine; brilliant, PC Brains. We've discussed Bates before; it's worth pointing out that absolutely none of the facts of the cases he was involved in depend on his credentials. Nullius in verba, right? They didn't here; they didn't here.

But if Bates is guilty of possession, then the obvious conclusion is that...so are the police! Perhaps they should arrest themselves?

Saturday, September 27, 2008

25 years ago today I was a three year old boy, living in a village in the Yorkshire Dales, from where you could see the golfball aerials at the NSA's Menwith Hill base. Later, people I knew well would protest it for ages, and a man who was supposedly an engineer for LockMart there lived next door.

Via Charlie Stross, today is Stanislas Petrov day. As a Soviet air defence forces colonel, he was in charge of monitoring their satellite early warning system when it indicated five incoming missiles. But he was well aware of the system's possible failings, and the strategy the US was expected to pursue - after all, what on earth would be the point of firing only five missiles, on a polar trajectory that the Molniya satellites would detect?

And so he declined to give the warning, knowing that if he was wrong, the radar line would light up with panic soon enough. The phones certainly did; they complained he hadn't filled in the station log right, to which he said that he couldn't because he'd had a phone in each hand all night. Of course, the radars didn't go off because there were no missiles - when the ideologues and bureaucrats handed the issue to serious scientists, they worked out that it was an inherent flaw in the system's design, connected with the unusual orbit of the satellites and rare conditions in the upper atmosphere. A false positive could have happened at any time.

That didn't wash with the Karlo Rovskis; they sacked Petrov, who had anyway had a nervous breakdown (who wouldn't?) not long afterwards.

Petrov's heroic success was based on a few things; the first was his sound understanding of the machines. He didn't need to ask the experts or believe the big computer. The second was that he understood the political and grand strategic situation. It made no sense to send five rockets. The third was that he feared what the buggers might do anyway; yes, it might be clear that nobody would send five rockets, and anyway the radars would give enough time to press the button, but who knew what the politicians (of every kind) would do under the effect of fear?

The fourth was that he acted, not letting the fools take the wheel. The Soviet Union was in the hands of a middle-ranking air force colonel, as in so many science-fiction horrorshows; but no-one could have been better. I can't help but think of the lowborn Model Army men of the civil war; Colonel Hewson and Cornet Smith against the Duke of Godknows.

Friday, September 26, 2008

Ah, MEND - everyone's favourite dark-globalisation guerrilla gang, whose strategy is based on the world oil market as they career around Nigeria in RIBs with six or so huge outboards and silly numbers of heavy machine guns, while God knows where their leader/committee/nameless mobile phone number is. You can see why the defence establishment loves to worry about'em; like the Vikings, the Hell's Angels, the rappers and the Viet Cong at once. Never get out of the boat, as someone said. J-Ro is always mad keen on them; I reckon they're far more classically Marxist, fighting for a better share of the resource export money.

But I think their campaign may be slipping. Here's why.

Reuters Alertnet reports them issuing a wave of threats to foreign oil workers on the 13th of September. On the 14th, they declare an oil war. What else was going on at that moment? Hurricane Ike was certain to hit the US oil infrastructure in the Gulf of Mexico by the 10th or thereabouts - the landfall was on the 13th. It was the perfect moment for a global guerrilla group to hit the infrastructure of a major oil exporter. But the price of oil was dropping sharply; even threats to step it up further only had a marginal impact.

On the 21st of September, MEND announced a ceasefire; you'll note that the reduction in supply they achieved was around 150,000 barrels a day. The day after this, the oil price jumped wildly; the best explanation for this is a classic bear squeeze, as that particular day was a witching (the last day to buy oil before the futures contract for that month expired).

So what's going on? Here are the figures for US oil demand in the relevant period. The demand for oil fell by 1,400,000 barrels a day compared with the same week a year before, which was itself down on the year before. That is no small quantity. That's not too far off half Iran's exports, and it's ten times the cut in output MEND can reliably achieve when its leaders call for it. This is interesting; strategy beats tactics, after all, and the power of the global guerrilla is meant to be based on a permanently hypersensitive infrastructure.

Part of this is due to international trade in fuel, of course; but although there's apparently a queue of ships in New York waiting to unload, I haven't spotted a consistent spike in product-tanker rates, as opposed to VLCC ones, yet.

I don't believe this; note the lack of any direct evidence, not even packets of Indian steel balls. What I do believe is that we're heading for a serious catastrophe with regard to Pakistan. As I've said before, the American meta-narrative seems to be that it's something like a 50s-70s rightwing military dictatorship in Southeast Asia or Latin America; everyone is secretly communist but we've got to support El General or, god knows...

But this is drivel; the facts are that nobody votes for the Islamists. Even in the NWFP, they didn't break 15 per cent. All the things we claim to support are embodied in the politics we're making enemies of - the lawyers' movement, the middle-class activists behind the PML-N, the working class support of the PPP. Les forces vives de la nation, you could say. Both the working class, and the new mobile phone network bourgeoisie (it's more than symbolic that the missing at the Marriott include the CFO of Mobilink).

But we've been encouraging Mr 10% to dishonour his agreement with the PML, thus dropping the movement for democracy in it. As soon as Mr 10% got his new status as Musharraf 2.0, supported by his own party and the near-mafia in the MQM (thanks, Mark Lyell-Grant), the Americans began doing airmobile raids over the border and the Pakistani army began shooting back.

Second, contra the apocalyptic prose of the LA Times, the main concern of the Pakistani elite is not that tribal extremists from a thinly populated hinterland will take over Pakistan, an urbanized, populous, and industrialized country of 120 million people. The main concern is that the democratic institutions haltingly restored in the post-Musharraf era will be swept aside by violent unrest and a return to military rule if Pakistan is forced to bow to the United States’ demand for an all or nothing military solution in Afghanistan and western Pakistan.

But it goes beyond that; there is absolutely no possible goal in the NWFP or Afghanistan that is worth risking making things worse in Pakistan. We could, after all, quit Afghanistan. (We did it before.) But in Pakistan, there is the huge modern army, the nuclear bombs, the coast on the oil tanker routes, the special relationship with Saudi Arabia, the Indian and Chinese dimensions. Even Osama bin Laden in person is not worth this stuff. Strategy beats tactics.

And just to speak of tactics, Britain is in the first line to lose here. The Army's main supply route to Helmand is vulnerable to the Pakistani Taliban, the Baluchistan Liberation Front, and the Pakistani army. And there's a good reason why you can get regular flights from Manchester to Islamabad. We don't need this shit.

There was a time when a Labour prime minister was involved in a war, in which the Americans were too. They wanted to do something crazy, irresponsible, and vicious; they wanted to go nuclear in Korea. Clement Attlee went straight to Washington to say no; some disagree as to what impact this had, but at least he was trying. Brown should head right for Washington and say no. No intelligence cooperation, no help with the financial crisis, everyone out of Iraq and Afghanistan as soon as possible. I'd vote for him.

Monday, September 22, 2008

Well, there's something for you. Viktor Bout's lawyer actually showed up for a hearing; this is after lawyer no.1 repeatedly failed to appear and pleaded sickness ("I...I have a heart condition. I have a heart condition. If you hit me, it's murder...") and lawyer no.2 found he was permanently busy.

I had wondered if he planned to stay in Thailand as long as the local bar association wasn't exhausted of lawyers who hadn't taken part in the case; but it seems he's actually going to fight the extradition, so the court adjourned until a date is set to hear arguments against the prima facie evidence required.

The man himself looks rather more cheerful than around the time of his arrest.

Meanwhile, Rogue Planet reports on a string of arms smuggling cases in South Florida, including the AEY Inc case and another one involving an attempt to sell Russian helicopters to Zimbabwe. It might be worth noting that the Missing 727 and 3X-GDM cases both involved planes sold by one "Maury Joseph", apparently based in Florida and a fan of big steaks.

"Our approach will be one of humility. On 22nd July 2005, we confidently believed that our systems of command, of surveillance and of firearms intervention were among the best in the world. However, they failed in response to a previously unforeseen circumstance, suicide bombers on the run."

Well, it's an admission of sorts. But it wasn't all that unforeseen, was it? The Met had two plans in place, a static one (Operation C) to deal with an attacker at a major event and a mobile one (Operation KRATOS) to deal with...a suicide bomber on the loose in public.

They just didn't decide which one fit the circumstances, came up with a dog's breakfast of a hybrid instead, and then carried it out so poorly it would have been a disaster whatever the plan.

We haven't had any Metropolitan Police blogging for a while, which is a pity given that "Sir" Ian seems to be bent on making enemies of literally everyone on the force. I can't help thinking that Tarique Ghaffur and Ali Dizaei are making this into a personal vendetta, but then, who the hell wouldn't?

Sunday, September 14, 2008

From the always wonderful, Satin Pajama shortlisted, Where the money is..., the rock band who stage guerrilla gigs in banks. Bursting out of a white van, the men in balaclavas from the power trio Caracho (as in "Ni karasho!", I presume) charge into the bank, assemble their specially hacked backline amps, and hit it. This could really only happen in Berlin, no?

I'm glad someone else has picked up on this: James Graham has at an especially witless statement from Gideon/George Osborne. What Osborne is doing here is far less stupid, and also far less honest, than usual; for a start, he's managing expectations whilst at the same time bashing the Government, by pretending that he's expecting something like the scene when the British took over one of the Boer statelets and found less than a pound in the treasury. Some people will believe it, and it means that if he does get to be chancellor, he's almost certainly going to have a nice surprise available. It also serves his purposes in bargaining with putative Tory spending ministers, who will be easier to discipline if they're scared.

And, of course, it's easier than having a policy. Simply not fit for government.

More China convergence blogging. Declan McCullagh reports on efforts by the US and China to sneak something nasty into the ITU standardisation process, through a committee that doesn't publish its documentation or let anyone else in the room. But the Chinese appear to be the ones leaning forward;

The Chinese author of the document, Huirong Tian, did not respond to repeated interview requests. Neither did Jiayong Chen of China's state-owned ZTE Corporation, the vice chairman of the Q6/17's parent group who suggested in an April 2007 meeting that it address IP traceback.

A second, apparently leaked ITU document offers surveillance and monitoring justifications that seem well-suited to repressive regimes: A political opponent to a government publishes articles putting the government in an unfavorable light. The government, having a law against any opposition, tries to identify the source of the negative articles but the articles having been published via a proxy server, is unable to do so, protecting the anonymity of the author.

Now that's what I call a use case! The standards group in question includes someone from the Chinese ministry of telecoms and an NSA official whose biog appears to be secret, as well as someone from Verisign; who is hilariously quoted as saying that:

"The OSI Internet protocols (IPv5) had the capabilities built-in. The ARPA Internet left them out because the infrastructure was a private DOD infrastructure."

(Trust me, if you know your Internet history, it's hilarious.) The poor darling, still wishing for someone to bring back OSI. And the representatives of the Chinese Communist Party conspiring away with the NSA.

“Since passage of the Patriot Act, many companies based outside of the United States have been reluctant to store client information in the U.S.,” said Marc Rotenberg, executive director of the Electronic Privacy Information Center in Washington. “There is an ongoing concern that U.S. intelligence agencies will gather this information without legal process. There is particular sensitivity about access to financial information as well as communications and Internet traffic that goes through U.S. switches.”

But economics also plays a role. Almost all nations see data networks as essential to economic development. “It’s no different than any other infrastructure that a country needs,” said K C Claffy, a research scientist at the Cooperative Association for Internet Data Analysis in San Diego. “You wouldn’t want someone owning your roads either.”

Read the whole damn thing; it's one of the best reported stories on the Internet infrastructure I've ever seen, they spoke to the right people (Renesys, k c claffy, Odlyzko), and the conclusions are interesting to say the least.

The Renesys rankings of Internet connections, an indirect measure of growth, show that the big winners in the last three years have been the Italian Internet provider Tiscali, China Telecom and the Japanese telecommunications operator KDDI.

Firms that have slipped in the rankings have all been American: Verizon, Savvis, AT&T, Qwest, Cogent and AboveNet. “The U.S. telecommunications firms haven’t invested,” said Earl Zmijewski, vice president and general manager for Internet data services at Renesys. “The rest of the world has caught up. I don’t see the AT&T’s and Sprints making the investments because they see Internet service as a commodity.”

If the "American Internet" is ending, it's because they don't deserve it any more.

Ed Balls, the schools secretary and only member of the Co-operative party in the cabinet, will today propose that 100 schools over the next two years become co-operative trust schools owned and controlled by the local community. He will tell the annual conference of Labour's sister party that he is putting up an extra £500,000 so trust schools have extra financial help to become co-operatives. The move comes as Michael Stephenson, the new general secretary of the Co-operative party and a former political officer at Downing Street, claims co-ops could be on the brink of a revival in Britain. "Co-ops are an idea whose time has come back."

He is looking at how to persuade Labour to bring the co-operative model into railways, schools, housing and other public services, arguing that Labour, searching for new ideas, can find intellectual renewal in those behind co-operatives. The Co-operative party has already succeeded in persuading Network Rail to review its governance structures to see how it can make rail users part of its board.

The actual policy is fairly milksopful, but still; it can hardly blow up too badly. Meanwhile, Gordon Brown announced an insulation push, but for some reason, not an air-source heat pump in sight. It's been badly received; there could be more, although that's hardly an insight, but I'm not impressed by Tony Woodley trying to make "lag the loft" a smear analogous to McCain's tyre gauges.

If this is officially policy amateur hour, I'd point out that my own pet scheme on this issue deals with the problem of what if this winter's really bad and WON'T SOMEBODY THINK OF THE CHILDREN CODGERS? rather well. To recap, I propose to fund it out of the existing bill for fuel subsidies capitalised over several years, and make it subject to individual choice, and voluntary-but-automatic. Those who don't want to or can't take advantage of it can just continue to receive cash. Full implementation of it would eventually reach one-third of UK households, and the bill is £1.98bn, all of which is existing spending. So we could chuck in the £910m from the gas pushers to fund an extra payment for the opters out.

Oh yes, and there's this. I'm beginning to picture some sort of awful inquiry commission wanting to know just what I was thinking, and how I can claim I didn't know cooperatively-owned prefabricated guerrilla hospitals linked to some sort of leftwing cross of Facebook and CVSTrac were going to grow to enormous size and attack our cities.

Ooh, more Iran-war nonsense, this time from none other than mouthpieceful Russia Today, via this thread. There seems to be a meme floating around that there was a war between Russia and Georgia because the Russians intervened to prevent the Americans using Georgian airbases to attack Iran (obviously, a war with Iran is the universal explicator for everything). Quote:

Shortly after that, a phone call came from a college friend who had just come back from Kandahar in Afghanistan, where he had seen American battle tanks being unloaded from a Ukrainian-registered Antonov-124 "Ruslan", the heaviest and largest cargo airplane in the world. The friend asked if I had any idea what tanks would be good for in Afghanistan, and I said I didn't. It's an established fact from the Soviet war in Afghanistan that tanks are no good for most of the country's mountainous territory. They are good for flatlands, and the main body of flat land in the region is right across the border in Iran.

Later in August there was another bit of unofficial information from a Russian military source: more than a thousand American tanks and armored vehicles had been shipped to Eastern Afghanistan by Ukrainian "Ruslans" flying in three to five shipments a day, and more flights were expected.

Wrong! For a start, the Canadian and Danish armies brought their Leopard 2 tanks to Afghanistan. But far more importantly; there are 26 active An-124s in the world (not counting ones operated by the Russian air force). You could load, at the very most, two M1A1 Abrams tanks in one plane. To move a thousand tanks - if the US Army has that many spare, which sounds unlikely - you'd therefore need 500 flights, or 19 sorties for the complete available fleet.

You couldn't get the complete fleet anyway, as it has regular contractual commitments; if you could round up 12 An-124s for the job...well, with 122 tonnes of cargo, the plane has a still air range of 2,335 miles. This means it will need to make multiple stops between Kabul and anywhere in the US; at a cruising speed of 490mph, each hop would be about 4h 45mins long, so at least a 13 hour haul, which implies you're only going to get one trip every two days. So that would be about 83 days' work. At a cost of about $20,000 an hour that's $478 million in air chartering alone.

So this is evidently drivel. But why would Russia Today be pushing it? Perhaps this story in Le Monde might tell us something. Despite all the buffoonery, the Russian government has decided not to break off an agreement permitting NATO to send supplies through Russia to Afghanistan, and will further be providing 4 Mi-8 helicopters for EUFOR in Chad. Now that it's all out of the papers, both parties are paying the price for their harder statements by trimming back their actions. Although, you have to wonder what Sarko offered or threatened to get them out of Poti.

Thursday, September 11, 2008

If you've been following the Viktorfeed, you may have noticed that something's been emerging; Tahmid Air (ICAO: THM) had been flying occasionally between Sharjah and Almaty, but since early August it's started to generate more and more movements (the maximum was achieved on the 10th August with 12 flights) to more and more interesting places. Here's a list of their routes:

Interestingly, they've recently stopped being listed with an airline name; just the flight number. So worizzit? The company is registered in Kazakhstan and officially based there - unlike quite a few, we know they occasionally visit the place too. (It's progress of a sort.) There are two Boeing 737s on the register; UN-B3709 recently became UP-B3703, with serial number 22632. It started out working for charter airlines in the UK (Air UK, Thomson) and later Royal Air Maroc and LAN Chile, but then after Air Caribbean things took a turn for the worse. Tahmid got the plane (as EX-212) from MaxAvia of Sharjah, which keen'n'agile minds will remember was one of the rebadged versions of our really old friends, Phoenix Aviation of the UAE, who had been operating it as EX-632 having bought it via another subname, Dolphin Air.

The other, EY-533, serial number 23517, is reported to be on lease from Tajik Air. This particular plane has also seen service with Kam Air as EX-736 (so in the Kyrgyz registry again), leased from something called Eastok Aviation, a Sharjah-based, Bishkek-registered outfit that shut down after being blacklisted in the EU. All the 4 old 737s it bought second hand from Delta ended up at Tajik Air, but this one seems to have gone further.

Whilst we're on the subject; we're seeing some Transaviaexport (TXC) call signs again on the Iraq and Afghanistan routes, and something called "Centrafrique Air Express" (c/s CAE) sent off a flight to Baghdad at 2300GMT yesterday as CAE416; however, it was listed coming straight back from an undisclosed location 15 minutes later. CAE (IATA: 6C) was apparently started in November 2006 in the Central African Republic; it has two planes listed, a 737 (TL-ADR, 21281) ex-Saudi Arabian Airlines, and a 727 (TL-ADY, 21385) they bought off Damascene Airways in Damascus. There's an atmospheric pic here; it doesn't look like it's going anywhere.

Yes, I'll get around to moving the whole thing over into the new look'n'feel, in my own facilities...as soon as I get round to it, program something to map all the individual permalinks on the two systems together, etc. It's as much fun as Virgin Media's billing department in here. But did nobody over at MessageSpace/YouGov/WebCameron/Teh E-Conservative Movement notice that I'm not just a member of the Liberal Democrats, but a candidate for election several times over?

Two, three, four men who were not the ones you saw at podiums, behind Fox News desks. The man who's pure evil. Hard men. Men who say 'flip the switch' or 'push the button' or 'pull that lever.' When they were younger, they might have done it themselves.

They are the hidden men, not even the grey eminences. The fixers. "That one, now!"

Now the convention is booing Obama. Perfunctory, and unenthusiastically. Oh, line about immigrants being Americans too. Pro forma applause.

The crowd boos, the crowd cheers the war. Rudy Giuliani moves them to froth - Lindsey Graham moves them to scorn.

It's an... evil triumphalism. It's the party of Jupiter Maximus, with Mammon on the one side and thuggish Ares on the other. A party where the leaders are feted till they puke, where the powerful pushing down the weak, those declared 'entarte' or unclean - is not only allowed, not only encouraged, but considered a sacrament.

My God, you've done a journalism! The depressing thing is the comments thread; all kinds of people moaning that she was too cruel to the bastards. Shocked, shocked, I tell you, and nothing at all to do with this. No.

You'd think someone who specialises in blogging about "public diplomacy" would notice when someone refloats a rah rah painted school success story from 2003. Iraqna didn't "happen"; Orascom built it back then, and didn't we all hear so much about how Iraqis had mobile phones? You didn't hear so much, outside the trade, about how a certain Republican congressman tried to stop them having phones that would work anywhere else in the Middle East (except for a certain country). But they did it anyway.

Now Zain (aka MTC Atheer, aka now owned by the Kuwaitis - strange they didn't put that in the brand) has bought out the central Iraq licence. Either way, I'd be surprised if anyone rolled out a green field GSM net in 2003 that didn't support GPRS out of the box, so I rate this one "bollocks". Perhaps they've started offering hosted Blackberry service. Frankly, if I were an Iraqi politician, the last thing in the world I'd want would be a device that forces all my e-mail through data centres located in Canada and the UK, using its own encryption.

Zardari’s attempt to present himself as a savior belies the reality and the way most in Pakistan and even the United States see him. Billionaire Zardari is part of Pakistan’s feuding oligarchy, not a revolutionary against it.

The sad fact is that most Pakistanis have been hostage to this sadistic version of Bill Murray’s Groundhog’s Day for 60 years. There will be no messiahs in Pakistan. Pakistanis need the rule of law — neither Baitullah Mehsud’s law, nor Farooq Naik’s law — and a system with real checks, balances, and accountability to free them from their malaise.

Read the whole thing; I mean the whole blog, if you've got time. I suppose it couldn't last; the position since the formation of the PPP-PML(N) government was just too good. The government had genuine public support, civil society had given The Tyrant a beating, both the Punjabis and Sindhis were represented, and no bugger voted for the Taliban tribute bands.

Now it's back to normal service; a weak, unpopular, corrupt civilian president without support from half the country. I confidently predict there'll be a coup in three or so years. What is genuinely depressing is the role of Zalmay Khalilzad - whether officially or pseudo-unofficially - in egging Mr 10 Per Cent on. The Americans seem to think that Pakistan is a 1970s rightwing military dictatorship, by nature. Says Mr. Douglas State:

Sweating with indignation, as of course they have every right to be, the great majority of the public would go communist tomorrow - and then, what? So, you see, we have to support General Caudillo. I agree he's unattractive, but, you can't do everything...

But they won't - even the NWFP recorded about 15% of votes for the various Taliban tribute bands. They don't trust the Americans. So what? I don't. After all, they got new F-16s from the US, to replace the ones they didn't get the parts for the time before that; they got a couple of spanking new GSM networks from dealing with Norwegian and UAE interests, respectively.

Late to the party, I know. But is this the worst example of biometrics as a religion yet? So the Shia-led, pro-Iranian government of Iraq we're desperately propping up doesn't like the Sunni, Iraqi chauvinist countergangs we organised to prop them up much. So the plan to reintegrate them, as they say, into society as law-abiding citizens ain't going so well. (Ah, Sergeant Hussein? You know how we invaded your country, overthrew the dictator, then dissolved the army you spent the last 15 years in and left you to rot on the dole while we conspired with your despised religious and class enemies? And we finally agreed to enrol you and your old mates as an auxiliary police force because we couldn't catch you? Well, thanks, we're doing it again. Yes, the first bit. Have you considered becoming a plumber? Please don't use any metalworking skills you may acquire to make EFPs, that's all we ask.)

Worse, yer man is now trying to pick a fight with the Kurds, in which case they will no doubt retaliate by grabbing Sgt Hussein's home town and telling the government in Baghdad it can't have any more oil. As a lot of the army Maliki counts on for this is actually the Kurdish army, there's a lot more that can go wrong here. So what's the plan B?

Apparently it's biometrics. All those ex-insurgents from the NOIA who signed up on our side were iris-scanned, and the information something or other with Saddam's old secret police files. Hey, I remember that the secret police files got torched. Except for the bits involving George Galloway and various other people who all by coincidence opposed the war. And the ones the Chalabi Boys nicked and the US Army had to nick back; there's a lot of different data sets wandering about, no? Of course, there's absolutely no point in looking for Sunni Arab nationalist ex-army insurgents in Saddam's old files; it was Sunni Arab nationalist army officers who compiled Saddam's old files in the first place. Perhaps they mean the Republican Guard payroll, but who knows, eh.

Anyway, the biometrics. How is this meant to help? Specifically, the iris scans. Now, if you make a bomb, your irises don't leave any traces on it. Iris-scanning implies you've caught the guy already and you want to check if he's on the list. And the point of guerrilla warfare is that the enemy doesn't know who to lock up, or else they can't catch up with them, or the people they are after hide out somewhere they'll need to stage a huge multidivisional onslaught and probably build a railway to get into. I mean, it's got to be better than having absolutely no information, but it's no solution, especially if the data is mashed up with the wrong kind of intelligence files. (Ah, Sergeant Al-Hakim. You must be proud of your years of heroic resistance to Baathist tyranny...)

It's as if they believe that having an MD5 hash of someone's iris means you can double-click on their photo and they're delivered to your desk like an Amazon.com package; or that the camera will take your soul. But then, every government thinks this, at least some of the time. Which reminds me:

The immigration minister, Liam Byrne, promised yesterday to start issuing ID cards to foreign nationals within 300 days - by November 2008. The first required to apply will be students and those married to British citizens or involved in civil partnerships or long-term relationships.

Seven weeks to go. No contracts. No requirements document. No specs. No code. Someone's in for an epic binge-coding session, aren't they? Or is "Teh Stupid! It's Byrne's!" hoping we've all forgotten? Maybe NO2ID should put in a bid itself...

Saturday, September 06, 2008

So some of our friends came around; and brought their kids. We got out the Chumby, the roast chickens, the giant spiders...no, seriously...

And Maud didn't want to leave her first Unix system. (First of all they found the touchscreen settings, which were presumably more fun than watching it looping over RSS feeds, but the real hit was when they discovered the Web-radio functions and started blasting us with "smooth" jazz and various West Coast hard rock stations.)

So I took my stupid damn idea off to the stupid ideas club. When we got there, guess who? Spyblog was waiting at the rendezvous with some Dutchmen and an Argentine documentarist and half the No2ID members not currently in hospital. And after we made our way through Jock McZanu's EU Maddie monsoon (GOOD HERE ISN'T IT???) to the pub, who shows up but Rat; carrying a total of 30GB of mass storage on his person in an array of USB drives, a fob GPS, and God knows what in his piercings.

Anyway, we talked over the thing, and many other things besides; what should happen if secret police become members? wouldn't it be easier to do an open-source clone of a BMC helpdesk ticketing app? (why? why? I thought my brain would concrete) how would you sterilise an airport fingerprint reader in less than 10 seconds? So I promised to revise the proposals, and well, here they are.

Or would be, but nobody likes a 2,000 word blog post. So instead it's here on Google Documents, which probably means something badological. Read. Mark. Learn. Inwardly digest. Comment. Here at first, but if you want to take part just tell me and I'll give you write privileges. If anyone cares very much I'll get it set up on Sourceforge and set about preparing a list of functions and tables. I still think Django is the way to go, in which case the mapping of the org model into Python classes into db tables should be as straightforward as these things ever are.